web penetration testing

I recently got the opportunity to speak at B-Sides Charleston on cross-site scripting (XSS) payload development. For me, this was a really enjoyable opportunity because of my background. I was a software developer specializing in web apps for about 10 years. I did web development as a hobby for more than 10 years before that. …

This one is for you web penetration testers! This new Burp extension is designed to help with efficiency when you are testing a complex application full of parameters or a series of applications and just do not have enough time to thoroughly analyze each one. It analyzes all the parameters in your in-scope traffic and …

We are really excited to announce that SamuraiWTF 3.2 is now available publicly. This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated a number of tools, fixed a number of bugs, and improved the target environments to better suit a training environment. We have also updated the …

Burp BS… where the “BS” stands for BeanShell. “What on earth is BeanShell?” you may ask? BeanShell is a very old Java library that was designed to build scripts in Java (full details on www.beanshell.org). It never really caught on for general use because the Java language is designed from the ground up to be …

Start 2015 right with a free web session to learn all about the Burp CO2 plugin! This training is scheduled for Thursday, January 8th, 2015 at 2pm EST. Portswigger’s Burp Suite is a very popular and flexible intercepting proxy tool among web application penetration testers. During this training session I will provide an overview of …

We are really excited to announce that SamuraiWTF 3.0 is now available publicly. (We did a previous release but found some issues and so that was pulled back.) This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated the base operating system to Ubuntu 14.04 (hence the …

I recently noticed an uptick in Cross-Origin Resource Sharing (CORS) findings showing up in automated scanning tools, which would not have been a significant concern except for the fact that the tools were rating this as a relatively “high” severity and very few people I asked about it seemed to have any idea what it …

Secure Ideas is excited to announce the latest class in our Professionally Evil Course series: Ride Along Penetration Testing. This course will be held on October 9th at 2PM eastern. Unlike so many other courses, this is not a typical “here is a tool and how to use it” course. In this 2 hour course, James …

Ever thought about being able to test the security of your web applications? Wanted to know how the Professionally Evil hack web services and applications? Interested in upgrading your skills around attacking modern web applications? Well now you have your chance! Secure Ideas is excited to announce the latest in our course offerings. We will be …

Secure Ideas is excited to announce its latest upcoming online training. We will be offering a two-hour session exploring advanced topics related to Burp Suite and its use in a web application penetration test. Kevin Johnson and James Jardine will explore the various features of Burp Suite, focusing on how we use the system during our penetration …